Preventing Unauthorized Screen Capture Activity

ABSTRACT

Aspects of the disclosure relate to preventing unauthorized screen capture activity. A computing platform may detect, via an infrared sensor associated with a computing device, an infrared signal from a second device attempting an unauthorized image capture of contents being displayed by a display device of the computing device. Subsequently, the computing platform may determine, via the computing platform, the contents being displayed by the display device. Then, the computing platform may retrieve a record of the contents being displayed by the display device. Then, the computing platform may determine a risk level associated with the infrared signal. Subsequently, the computing platform may perform, via the computing platform and based on the risk level, a remediation task to prevent the unauthorized image capture.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.16/526,017, the contents of which is hereby incorporated by reference inits entirety.

TECHNICAL FIELD

Aspects of the disclosure relate to deploying digital data processingsystems, providing information security, and preventing unauthorizedaccess to resources of enterprise systems. In particular, one or moreaspects of the disclosure relate to preventing unauthorized screencapture activity.

BACKGROUND

Enterprise organizations may utilize various computing infrastructure toconduct business with their customers. Business related information mayinclude confidential information and/or other sensitive data that iscreated and/or used for various purposes. In some instances, inperforming duties and responsibilities related to conducting effectivebusiness activities, enterprise devices may be utilized to accesscustomer information over various networks and/or between variouscomputer systems. In some instances, such access may be performed atpublic places, thereby making the information vulnerable to potentialmalicious behavior. Preventing unauthorized access to informationdisplayed on a display device associated with an enterprise device mightplay a significant role in maintaining the integrity and confidentialityof the underlying information. In many instances, however, it may bedifficult to prevent unauthorized access in a timely and effectivemanner, while also attempting to optimize the resource utilization,bandwidth utilization, and efficient operations of the computinginfrastructure.

SUMMARY

Aspects of the disclosure provide effective, efficient, scalable, fast,reliable, and convenient technical solutions that address and overcomethe technical problems associated with preventing unauthorized screencapture activity. The term “preventing” is used herein to include boththose instances when all contents on the screen display is fully blockedfrom capture, as well as those instance when a capture occurs, but isotherwise mitigated by blocking or obfuscating at least part of thescreen display or by recording what content was captured and when.

In accordance with one or more embodiments, a computing platform havingat least one processor, a communication interface, and memory maydetect, via an infrared sensor associated with a computing device, aninfrared signal from a second device attempting an unauthorized imagecapture of contents being displayed by a display device of the computingdevice. Subsequently, the computing platform may determine, via thecomputing platform, the contents being displayed by the display device.Then, the computing platform may retrieve a record of the contents beingdisplayed by the display device. Then, the computing platform maydetermine a risk level associated with the infrared signal.Subsequently, the computing platform may perform, via the computingplatform and based on the risk level, a remediation task to prevent theunauthorized image capture.

In some embodiments, the computing platform may cause the display deviceto display an alert notification to a user of the computing device. Inaddition, in some embodiments, the computing platform may cause thedisplay device to cease to display the contents being displayed. Also,in some embodiments, the computing platform may deny access tooperations of the computing device. Furthermore, in some embodiments,the computing platform may determine a number of attempted unauthorizedimage captures associated with the computing device. Then, the computingplatform may trigger, based on a threshold of the number of attemptedunauthorized image captures, a security threat assessment of thecomputing device. In addition, in some embodiments, the computingplatform may receive, from the infrared sensor, an indication that thesecond device is attempting the unauthorized image capture of thecontents being displayed by the display device. Then, the computingplatform may generate, based on the contents being displayed, aninstruction for the remediation task. Subsequently, the computingplatform may send the instruction to a pixel driver associated with thedisplay device of the computing device.

In some embodiments, the infrared sensor may include an array of sensorsarranged on the display device of the computing device. In someembodiments, the computing platform may cause one or more sensors of thearray of sensors to be automatically activated to perform the detectingthe infrared signal. In some embodiments, the computing platform maycause the one or more sensors of the array of sensors to beautomatically activated based on a random selection algorithm. Inaddition, in some embodiments, the computing platform may determine therisk level based on the contents being displayed by the display device.Also, in some embodiments, the infrared sensor may be an image capturingdevice associated with the computing device, and the image capturingdevice may be configured to apply image recognition techniques, and thecomputing platform may apply the image recognition techniques toidentify objects in a field of view of the image capturing device. Insome embodiments, the computing platform may identify, via the imagecapturing device and based on the image recognition techniques, thesecond device as another image capturing device. Then, the computingplatform may automatically perform, based on the identifying, theremediation task. Finally, in some embodiments, the computing platformmay detect, via a second infrared sensor, a second infrared signal fromthe second device attempting the unauthorized image capture of thecontents. Then, the computing platform may corroborate, based ondetecting the second infrared signal from the second device, detectingthe first infrared signal from the second device.

The “infrared signal” is used herein to encompass both traditionalsignals that fall within the infrared range of frequency of light, aswell as those signals that fall in a frequency of light range emitted byan image capture device to aid in the capturing of photographs.

These features, along with many others, are discussed in greater detailbelow.

BRIEF DESCRIPTION OF THE DRAWINGS

The present disclosure is illustrated by way of example and not limitedin the accompanying figures in which like reference numerals indicatesimilar elements and in which:

FIGS. 1A and 1B depict an illustrative computing environment forpreventing unauthorized screen capture activity in accordance with oneor more example embodiments;

FIGS. 2A and 2B depict an illustrative event sequence for preventingunauthorized screen capture activity in accordance with one or moreexample embodiments; and

FIG. 3 depicts an illustrative method for preventing unauthorized screencapture activity in accordance with one or more example embodiments.

DETAILED DESCRIPTION

In the following description of various illustrative embodiments,reference is made to the accompanying drawings, which form a parthereof, and in which is shown, by way of illustration, variousembodiments in which aspects of the disclosure may be practiced. It isto be understood that other embodiments may be utilized, and structuraland functional modifications may be made, without departing from thescope of the present disclosure. It is noted that various connectionsbetween elements are discussed in the following description. It is notedthat these connections are general and, unless specified otherwise, maybe direct or indirect, wired or wireless, and that the specification isnot intended to be limiting in this respect.

Aspects of the disclosure relate to preventing unauthorized screencapture activity. A computing platform may detect, via an infraredsensor associated with a computing device, an infrared signal from asecond device attempting an unauthorized image capture of contents beingdisplayed by a display device of the computing device. Subsequently, thecomputing platform may determine, via the computing platform, thecontents being displayed by the display device. Then, the computingplatform may retrieve a record of the contents being displayed by thedisplay device. Then, the computing platform may determine a risk levelassociated with the infrared signal. Subsequently, the computingplatform may perform, via the computing platform and based on the risklevel, a remediation task to prevent (or otherwise mitigate) theunauthorized image capture.

Some aspects of the disclosure relate to preventing unauthorized screencapture activity. For example, an enterprise device may be used toaccess an enterprise infrastructure. A display device associated withthe enterprise device may display sensitive information related to theactivities of the enterprise. In some instances, operator of theenterprise device, and/or a third party may attempt an unauthorizedimage capture of the displayed content. preventing (or otherwisemitigating) such an unauthorized image capture may be of significantimportance to the successful operations of the enterprise.

In some instances, when a device associated attempts an unauthorizedimage capture of the displayed content, such an attempts may include theoperation of an image capture device that transmits an infrared signalprior to the image capture. Accordingly, infrared sensors on the targetenterprise device may be configured to detect the infrared signal, andcomputing platform may respond to such detection by taking appropriatesteps to prevent (or otherwise mitigate) the unauthorized image capture.For example, the computing platform may cause the display device of thetarget enterprise device to not display content, and/or prevent accessto operations of the target enterprise device.

FIGS. 1A and 1B depict an illustrative computing environment forpreventing unauthorized screen capture activity in accordance with oneor more example embodiments. Referring to FIG. 1A, computing environment100 may include one or more computer systems. For example, computingenvironment 100 may include unauthorized image capture preventioncomputing platform 110, enterprise computing infrastructure 120,enterprise data storage platform 130, enterprise device 140, and seconddevice 150.

As illustrated in greater detail below, unauthorized image captureprevention computing platform 110 may include one or more computingdevices configured to perform one or more of the functions describedherein. For example, unauthorized image capture prevention computingplatform 110 may include one or more computers (e.g., laptop computers,desktop computers, servers, server blades, or the like).

Enterprise computing infrastructure 120 may include one or morecomputing devices and/or other computer components (e.g., processors,memories, communication interfaces). In addition, enterprise computinginfrastructure 120 may be configured to host, execute, and/or otherwiseprovide one or more enterprise applications. For example, enterprisecomputing infrastructure 120 may be configured to host, execute, and/orotherwise provide one or more programs associated with an enterpriseorganization, such as a financial institution. In some instances,enterprise computing infrastructure 120 may be configured to providevarious enterprise and/or back-office computing functions for anenterprise organization, such as a financial institution. For example,enterprise computing infrastructure 120 may include various serversand/or databases that store and/or otherwise maintain accountinformation, such as financial account information including accountbalances, transaction history, account owner information, and/or otherinformation. In addition, enterprise computing infrastructure 120 mayprocess and/or otherwise execute transactions on specific accounts basedon commands and/or other information received from other computersystems included in computing environment 100. Additionally oralternatively, enterprise computing infrastructure 120 may receivedevice lockdown requests from unauthorized image capture preventioncomputing platform 110 and return confirmation of such lockdown tounauthorized image capture prevention computing platform 110 in responseto such authorization requests.

Enterprise data storage platform 130 may include one or more computingdevices and/or other computer components (e.g., processors, memories,communication interfaces). In addition, and as illustrated in greaterdetail below, enterprise data storage platform 130 may be configured tostore and/or otherwise maintain enterprise data. Additionally oralternatively, enterprise computing infrastructure 120 may load datafrom enterprise data storage platform 130, manipulate and/or otherwiseprocess such data, and return modified data and/or other data toenterprise data storage platform 130 and/or to other computer systemsincluded in computing environment 100. For example, enterprise datastorage platform 130 may store risk levels, as discussed in more detailbelow, and/or historical data on attempted unauthorized image capturesassociated with an enterprise device, and/or may include data related toa time, location, user (e.g., user that was logged in to the enterprisedevice), and so forth.

Enterprise device 140 may be a personal computing device (e.g., desktopcomputer, laptop computer) or mobile computing device (e.g., smartphone,tablet). In addition, enterprise device 140 may be linked to and/or usedby a specific enterprise user (who may, e.g., be an employee or otheraffiliate of an enterprise organization operating unauthorized imagecapture prevention computing platform 110).

Second device 150 may be a personal computing device (e.g., desktopcomputer, laptop computer) or mobile computing device (e.g., smartphone,tablet, wearable device). In addition, second device 150 may be linkedto and/or used by a specific user. Also, for example, a user associatedwith second device 150 may use second device 150 to perform unauthorizedimage capture activity.

Computing environment 100 also may include one or more networks, whichmay interconnect one or more of unauthorized image capture preventioncomputing platform 110, enterprise computing infrastructure 120,enterprise data storage platform 130, and enterprise device 140. Forexample, computing environment 100 may include private network 170(which may, e.g., interconnect unauthorized image capture preventioncomputing platform 110, enterprise computing infrastructure 120,enterprise data storage platform 130, and enterprise device 140, and/orone or more other systems which may be associated with an organization,such as a financial institution) and public network 160 (which may,e.g., interconnect second device 150 with private network 160 and/or oneor more other systems, public networks, sub-networks, and/or the like).Public network 160 may be a high generation cellular network, such as,for example, a 5G or higher cellular network. In some embodiments,public network 160 may be configured to send and receive messages viadifferent protocols, e.g. Bluetooth, Wireless Fidelity (“Wi-Fi”), nearfield communication (“NFC”), Infrared, cellular, and/or other protocolsthat enable device to device communication over short distances.Meanwhile in alternate embodiments, second device 150 might not beconnected to public network 160; instead, in that embodiment, seconddevice 150 may be a standalone device, such as a point-and-shoot cameraor other comparable image capture device.

In one or more arrangements, enterprise computing infrastructure 120,enterprise data storage platform 130, and enterprise device 140, andsecond device 150, and/or the other systems included in computingenvironment 100 may be any type of computing device capable of receivinga user interface, receiving input via the user interface, andcommunicating the received input to one or more other computing devices.For example, enterprise computing infrastructure 120, enterprise datastorage platform 130, and enterprise device 140, and second device 150,and/or the other systems included in computing environment 100 may, insome instances, be and/or include server computers, desktop computers,laptop computers, tablet computers, smart phones, or the like that mayinclude one or more processors, memories, communication interfaces,storage devices, and/or other components. As noted above, and asillustrated in greater detail below, any and/or all of unauthorizedimage capture prevention computing platform 110, enterprise computinginfrastructure 120, enterprise data storage platform 130, and enterprisedevice 140, and second device 150, may, in some instances, bespecial-purpose computing devices configured to perform specificfunctions.

Referring to FIG. 1B, unauthorized image capture prevention computingplatform 110 may include one or more processors 111, memory 112, andcommunication interface 113. A data bus may interconnect processor 111,memory 112, and communication interface 113. Communication interface 113may be a network interface configured to support communication betweenunauthorized image capture prevention computing platform 110 and one ormore networks (e.g., network 160, network 170, or the like). Memory 112may include one or more program modules having instructions that whenexecuted by processor 111 cause unauthorized image capture preventioncomputing platform 110 to perform one or more functions described hereinand/or one or more databases that may store and/or otherwise maintaininformation which may be used by such program modules and/or processor111. In some instances, the one or more program modules and/or databasesmay be stored by and/or maintained in different memory units ofunauthorized image capture prevention computing platform 110 and/or bydifferent computing devices that may form and/or otherwise make upunauthorized image capture prevention computing platform 110. Forexample, memory 112 may have, store, and/or include infrared signaldetection engine 112 a, displayed content detection engine 112 b, risklevel determination engine 112 c, and remediation task engine 112 d.

Infrared signal detection engine 112 a may build and/or update one ormore device databases, build and/or update one or more device locationdata, build and/or update data related to detecting infrared signals,build and/or update image and/or object recognition data, build and/orupdate one or more other machine-learned models based on signalsdetected and remediation steps to be performed. Displayed contentdetection engine 112 b may have instructions to utilize informationprovided by infrared signal detection engine 112 a, and may haveinstructions that direct and/or cause unauthorized image captureprevention computing platform 110 to determine the contents beingdisplayed by the display device, and/or retrieve a record of thecontents being displayed by the display device. Risk level determinationengine 112 c may have instructions that direct and/or cause unauthorizedimage capture prevention computing platform 110 to determine a risklevel associated with the infrared signal. Remediation task engine 112 dmay have instructions that direct and/or cause unauthorized imagecapture prevention computing platform 110 to perform, based on the risklevel, a remediation task to prevent the unauthorized image capture.

FIGS. 2A and 2B depict an illustrative event sequence for preventingunauthorized screen capture activity in accordance with one or moreexample embodiments. Referring to FIG. 2A, at step 201, unauthorizedimage capture prevention computing platform 110 may detect, via aninfrared sensor associated with a computing device, an infrared signalfrom a second device attempting an unauthorized image capture ofcontents being displayed by a display device of the computing device.For example, a user of a computing device (e.g., enterprise device 140)may be accessing the enterprise computing infrastructure (e.g.,enterprise computing infrastructure 120) associated with an enterpriseorganization (e.g., a financial institution) via the computing device(e.g., enterprise device 140). In some instances, information related tothe enterprise organization may be displayed via a display deviceassociated with the computing device (e.g., enterprise device 140). Asdescribed herein, contents being displayed by the display device may beconfidential and/or highly sensitive information related to theenterprise organization.

In some instances, in an effort to misappropriate such confidentialand/or highly sensitive information related to the enterpriseorganization, a second user associated with a second device (e.g.,second device 150) may attempt an unauthorized image capture of thecontents being displayed. In some instances, the user of the seconddevice (e.g., second device 150) may utilize an image capturing device(e.g., a stand-alone camera, a wearable camera, a camera associated witha mobile device, and so forth) to capture one or more images of thecontents being displayed. In some instances, such image capturingdevices may be configured to transmit infrared signals prior tocapturing an image.

Infrared signals are generally outside a visible range for humans. In anelectromagnetic spectrum, infrared radiation is ranked next to lightwaves that are detectable by human vision. Accordingly, it may beimpossible for the user of the computing device (e.g., enterprise device140) to be aware of an infrared signal being directed at the displaydevice associated with the computing device (e.g., enterprise device140). Also, for example, image capturing devices may not be conspicuousand may avoid visible detection.

Accordingly, the computing device (e.g., enterprise device 140) may beequipped with an infrared sensor that is capable of detecting aninfrared signal. For example, when the second device (e.g., seconddevice 150) attempts an unauthorized image capture of contents beingdisplayed by the display device associated with the computing device(e.g., enterprise device 140), and a camera associated with the seconddevice (e.g., second device 150) transmits the infrared signal prior tocapturing an image, unauthorized image capture prevention computingplatform 110 may detect the infrared signal via the infrared sensorassociated with the computing device (e.g., enterprise device 140).

In some embodiments, the infrared sensor may include an array of sensorsarranged on the display device of the computing device. For example, anarray of sensors may be arranged along two vertical sides of a displaydevice associated with the computing device (e.g., enterprise device140). Also, for example, an array of sensors may be arranged on adisplay side of a mobile computing device. In some instances, the arrayof sensors may be embedded into a graphical user interface of thedisplay device.

In some embodiments, unauthorized image capture prevention computingplatform 110 may cause one or more sensors of the array of sensors to beautomatically activated to perform the detecting the infrared signal.For example, unauthorized image capture prevention computing platform110 may determine that some of the sensors may be obstructed, and mayidentify one or more sensors of the array of sensors that may beutilized to detect an infrared signal. Accordingly, unauthorized imagecapture prevention computing platform 110 may automatically activate theone or more sensors of the array of sensors. As another example,unauthorized image capture prevention computing platform 110 maydetermine that some of the sensors may have been tampered with and mayhave become inoperable, and unauthorized image capture preventioncomputing platform 110 may automatically activate the one or moresensors of the array of sensors that retain operability.

In some examples, unauthorized image capture prevention computingplatform 110 may cause one or more sensors of the array of sensors to beautomatically activated based on a location of the computing device(e.g., enterprise device 140). For example, unauthorized image captureprevention computing platform 110 determine, based on highly preciselocation data from higher generation wireless networks that thecomputing device (e.g., enterprise device 140) is at a busy publiclocation, such as a coffee shop, an airport, and the like. Accordingly,there may be a higher likelihood for malicious activity directed at thecomputing device (e.g., enterprise device 140). In such instances,unauthorized image capture prevention computing platform 110 maydetermine that a larger number of sensors may need to be automaticallyactivated.

In some embodiments, based on image processing abilities of a cameraassociated with the computing device (e.g., enterprise device 140),unauthorized image capture prevention computing platform 110 mayidentify devices, in a field of view of the camera, that are capable ofcapturing images of the display device. Accordingly, unauthorized imagecapture prevention computing platform 110 may select appropriate sensorsthat may be able to detect infrared signals from such devices capable ofcapturing images.

In some embodiments, unauthorized image capture prevention computingplatform 110 may cause the one or more sensors of the array of sensorsto be automatically activated based on a random selection algorithm. Forexample, an individual with a malicious intent may attempt to underminean ability of the computing device (e.g., enterprise device 140) todetect infrared signals. Such an attempt may include, for example,tampering with the sensors, and/or interfering with an ability for thesensors to operate. Accordingly, if the individual with the maliciousintent is unable to physically detect all the sensors, and/or is unableto predict which of the one or more sensors may become operable, thensuch individual's ability to undermine the enterprise organization maybe substantially thwarted. One manner in which predictability may bethwarted is by applying a randomized algorithm to determine which of theone or more sensors may be activated at any given time.

In some embodiments, a random selection algorithm may be based on auniform probability distribution where all the sensors are equallyweighted. In some embodiments, the sensors may be assigned non-uniformweights. For example, in some instances, sensors that are arranged alongthe two vertical sides of the display device may be assigned higherweights than sensors that are arranged along the bottom side of thedisplay device. In such an arrangement, the random selection algorithmmay be more likely to select the sensors that are arranged along the twovertical sides of the display device. Also, for example, sensors thatare embedded within a graphical user interface of a display device maybe assigned higher weights (e.g., such sensors may more accuratelydetermine a target of a malicious intent of the second device) thansensors that are located external to the graphical user interface. Insuch an arrangement, the random selection algorithm may be more likelyto select the sensors that are embedded within the graphical userinterface of the display device, than those that are located external tothe graphical user interface.

In some embodiments, the infrared sensor may be an image capturingdevice associated with the computing device. For example, cameras inmobile devices may be equipped with an infrared sensor. Also, forexample, an image capturing device associated with a laptop, a wearabledevice, and so forth may be equipped with an infrared sensor.

In some embodiments, the image capturing device associated with thecomputing device may be configured to apply image recognitiontechniques. For example, cameras in mobile devices may be equipped withan image recognition software, and unauthorized image capture preventioncomputing platform 110 may apply image recognition techniques embodiedin such software. For example, the image recognition software may beconfigured to identify locations (e.g., in a car, at an airport, at acoffee shop, in a private office, and so forth).

In some embodiments, unauthorized image capture prevention computingplatform 110 may apply the image recognition techniques to identifyobjects in a field of view of the image capturing device. For example,the image recognition techniques may include an ability to performfacial recognition, object recognition, action recognition, and soforth. For example, the image recognition techniques may include facialrecognition capabilities, and unauthorized image capture preventioncomputing platform 110 may apply the image recognition techniques toidentify an individual as an individual likely to attempt anunauthorized image capture. For example, unauthorized image captureprevention computing platform 110 may have previously detected anindividual, Individual A, at a prior location, Location A. Unauthorizedimage capture prevention computing platform 110 may have saved an imageof Individual A in an enterprise database (e.g., enterprise data storageplatform 130).

Upon application of facial recognition capabilities, unauthorized imagecapture prevention computing platform 110 may detect Individual A atanother location, Location B. For example, unauthorized image captureprevention computing platform 110 may perform a comparison of a currentimage of Individual A against a collection of images stored in theenterprise database (e.g., enterprise data storage platform 130).Accordingly, unauthorized image capture prevention computing platform110 may cause one or more remediation steps to be triggered. In someinstances, such remediation steps may be performed prior to detecting aninfrared signal from an image capturing device associated withIndividual A.

In some embodiments, unauthorized image capture prevention computingplatform 110 may detect, via a second infrared sensor, a second infraredsignal from the second device attempting the unauthorized image captureof the contents. For example, a first infrared sensor associated withcomputing device (e.g., enterprise device 140) may detect an infraredsignal from a second device (e.g., second device 150). At or about thesame time, a second infrared signal may be detected by a second infraredsensor from the second device. For example, a first sensor and a secondsensor from an array of sensors may independently detect infraredsignals from the second device (e.g., second device 150). Accordingly,in some embodiments, unauthorized image capture prevention computingplatform 110 may corroborate, based on detecting the second infraredsignal from the second device, detecting the first infrared signal fromthe second device.

In some embodiments, the first infrared sensor associated with computingdevice (e.g., enterprise device 140) may be an infrared sensorassociated with a desktop computing device at an enterprise facility.Also, for example, the second infrared sensor may be associated with asurveillance camera at the enterprise facility. In some embodiments, thefirst infrared sensor and the second infrared sensor may independentlydetect infrared signals from the second device (e.g., second device150). Accordingly, in some embodiments, unauthorized image captureprevention computing platform 110 may corroborate data obtained from thetwo independent infrared sensors, based on detecting independentinfrared signals from the same second device, and further based on suchdetecting being performed by independent devices.

At step 202, unauthorized image capture prevention computing platform110 may determine the contents being displayed by the display device.For example, unauthorized image capture prevention computing platform110 may communicate with an enterprise server hosted by an enterprisecomputing infrastructure (enterprise computing infrastructure 120) anddetermine that the computing device (e.g., enterprise device 140) may beaccessing content. Also, for example, unauthorized image captureprevention computing platform 110 may determine, from the enterpriseserver, the contents being displayed by the display device.

At step 203, unauthorized image capture prevention computing platform110 may retrieve a record of the contents being displayed by the displaydevice. For example, upon a determination of the contents beingdisplayed by the display device, unauthorized image capture preventioncomputing platform 110 may retrieve a snapshot of the contents beingdisplayed by the display device. For example, unauthorized image captureprevention computing platform 110 may cause a snipping tool, or otherscreen print tool, available (e.g., installed) on the computing device(e.g., enterprise device 140) to take a snapshot of the contentsdisplayed on a graphical user interface associated with the displaydevice. Also, for example, unauthorized image capture preventioncomputing platform 110 may communicate with the enterprise server toretrieve a copy of the contents being displayed by the display device.Subsequently, unauthorized image capture prevention computing platform110 may store the retrieved record of the contents being displayed inthe enterprise database (e.g., enterprise data storage platform 130).

At step 204, unauthorized image capture prevention computing platform110 may determine a risk level associated with the infrared signal. Insome embodiments, unauthorized image capture prevention computingplatform 110 may determine the risk level based on the contents beingdisplayed by the display device. In another example, unauthorized imagecapture prevention computing platform 110 may determine the risk levelbased on the systems connected to and being accessed by the enterprisedevice 140 at a given time. In some examples, the risk level may be setby the user or a supervisory user (e.g., the IT department, a user'ssupervisor/manager). In other embodiments, the risk level may be defaultto a particular value, and the unauthorized image capture preventioncomputing platform 110 may adjust the value upwards or downwards basedon one or more of the aforementioned criterion.

At step 205, unauthorized image capture prevention computing platform110 may perform, based on the risk level, a remediation task to preventthe unauthorized image capture. The remediation tasks may include, butare not limited to, one or more of the actions illustrated in FIG. 2B.

Referring to FIG. 2B, at step 206, unauthorized image capture preventioncomputing platform 110 may cause the display device (e.g., a screen) todisplay an alert notification to a user of the computing device. Thealert notification may be simply a pop-up dialog box on the screen toalert the user that someone else may be attempting to or may have takena photograph including the display device. In some examples, the alertnotification may be inconspicuously positioned in a corner of thescreen, or even simply as an icon on a taskbar or menu running along anedge of the screen. In other examples, the alert notification mayobscure most/much/all of the screen such that no content is visibleuntil the alert notification is closed or otherwise minimized.

At step 207, unauthorized image capture prevention computing platform110 may cause the display device to cease to display the contents beingdisplayed. In one example, the unauthorized image capture preventioncomputing platform 110 may send a command to the display device to causeit to black-out the screen. The black-out operation may be performed bycausing the pixel driver of the display device to immediately change thecolor being outputted to the screen such that it obfuscates the contentsof the screen; in some examples, the screen may become entirely onecolor. In other examples, the screen may take on more than one colorduring black-out operation. In other examples, the unauthorized imagecapture prevention computing platform 110 may cease display of thecontents by blocking only those portions of the screen that includeconfidential, secret information while leaving intact the remainingportions.

At step 208, unauthorized image capture prevention computing platform110 may deny access to operations of the computing device. In suchexamples, the infraction may be determined to be of high severity or ofindeterminate severity, and the policy may simply be to lock-out theuser until the situation can be assessed. The computing device may, insome examples, be locked out for a predetermined period of time. Inanother example, the computing device is manually unlocked by the ITdepartment or other personnel.

In some embodiments, unauthorized image capture prevention computingplatform 110 may receive, from the infrared sensor, an indication thatthe second device is attempting the unauthorized image capture of thecontents being displayed by the display device. In some embodiments,unauthorized image capture prevention computing platform 110 maygenerate, based on the contents being displayed, an instruction for theremediation task. Meanwhile, in some embodiments, unauthorized imagecapture prevention computing platform 110 may send the instruction to apixel driver associated with the display device of the computing device.

In one embodiment, unauthorized image capture prevention computingplatform 110 may identify, via a first image capturing device and basedon image recognition techniques, the second device a second imagecapturing device. In such an example, the first image capturing deviceis in network communication with the unauthorized image captureprevention computing platform 110, and captures an image of the secondimage capturing device in order to positively identify characteristicsof the second image capturing device to be those indicative of an imagecapturing device. In some examples, the image recognition techniques maybe advanced such that in addition to identifying a second imagecapturing device, the image recognition techniques also confirm that thesecond image capturing device is being operated. For example, if ahuman's finger is hovering over or pressing the shutter button on apoint-and-shoot camera, or if the human's finger is pressing the touchscreen to capture a photos. There are several other examples of actionsthat the image recognition techniques may associate with the operationof capturing an image with an image capture device.

In some embodiments, unauthorized image capture prevention computingplatform 110 may automatically perform, based on the identifying, theremediation task. At step 209, unauthorized image capture preventioncomputing platform 110 may determine a number of attempted unauthorizedimage captures associated with the computing device. If the quantity ofattempted unauthorized image captures exceeds a threshold amount, theunauthorized image capture prevention computing platform 110 may performan operation to prevent further data breaches. Moreover, at step 210,unauthorized image capture prevention computing platform 110 maytrigger, based on a threshold of the number of attempted unauthorizedimage captures, a security threat assessment of the computing device.

FIG. 3 depicts an illustrative method for preventing unauthorized screencapture activity in accordance with one or more example embodiments.Referring to FIG. 3, at step 305, a computing platform having at leastone processor, a communication interface, and memory may detect, via aninfrared sensor associated with a computing device, an infrared signalfrom a second device attempting an unauthorized image capture ofcontents being displayed by a display device of the computing device. Atstep 310, the computing platform may determine, via the computingplatform, the contents being displayed by the display device. At step315, the computing platform may retrieve a record of the contents beingdisplayed by the display device. At step 320, the computing platform maydetermine a risk level associated with the infrared signal.

In some embodiments, one or more of the aforementioned steps ofdetermining the contents (step 310), retrieving a record (step 315), anddetermining a risk level (step 320) may use a system of machine learningand/or artificial intelligence to improve accuracy of the assessment. Aframework for machine learning may involve a combination of one or morecomponents, sometimes three components: (1) representation, (2)evaluation, and (3) optimization components. Representation componentsrefer to computing units that perform steps to represent knowledge indifferent ways, including but not limited to as one or more decisiontrees, sets of rules, instances, graphical models, neural networks,support vector machines, model ensembles, and/or others. Evaluationcomponents refer to computing units that perform steps to represent theway hypotheses (e.g., candidate programs) are evaluated, including butnot limited to as accuracy, prediction and recall, squared error,likelihood, posterior probability, cost, margin, entropy k-L divergence,and/or others. Optimization components refer to computing units thatperform steps that generate candidate programs in different ways,including but not limited to combinatorial optimization, convexoptimization, constrained optimization, and/or others. In someembodiments, other components and/or sub-components of theaforementioned components may be present in the system to furtherenhance and supplement the aforementioned machine learningfunctionality.

Machine learning algorithms sometimes rely on unique computing systemstructures. Machine learning algorithms may leverage neural networks,which are systems that approximate biological neural networks (e.g., thehuman brain). Such structures, while significantly more complex thanconventional computer systems, are beneficial in implementing machinelearning. For example, an artificial neural network may be comprised ofa large set of nodes which, like neurons in the brain, may bedynamically configured to effectuate learning and decision-making.Moreover, machine learning tasks are sometimes broadly categorized aseither unsupervised learning or supervised learning. In unsupervisedlearning, a machine learning algorithm is left to generate any output(e.g., to label as desired) without feedback. The machine learningalgorithm may teach itself (e.g., observe past output), but otherwiseoperates without (or mostly without) feedback from, for example, a humanadministrator.

In an embodiment involving supervised machine learning, a graph modulecorresponding to an artificial neural network may receive and executeinstructions to modify the computational graph. A supervised machinelearning model may provide an indication to the graph module that outputfrom the machine learning model was correct and/or incorrect. Inresponse to that indication, the graph module may modify one or morenodes and/or edges to improve output. The modifications to the nodesand/or edges may be based on a prediction, by the machine learning modeland/or the graph module, of a change that may result an improvement. Themodifications to the nodes and/or edges may be based on historicalchanges to the nodes and/or edges, such that a change may not becontinuously made and unmade (an undesirable trend which may be referredto as oscillation). Feedback may be additionally or alternativelyreceived from an external source, such as an administrator, anothercomputing device, or the like. Where feedback on output is received andused to reconfigure nodes and/or edges, the machine learning model maybe referred to as a supervised machine learning model.

In supervised learning, a machine learning algorithm is providedfeedback on its output. Feedback may be provided in a variety of ways,including via active learning, semi-supervised learning, and/orreinforcement learning. In active learning, a machine learning algorithmis allowed to query answers from an administrator. For example, themachine learning algorithm may make a guess in a face detectionalgorithm, ask an administrator to identify the photo in the picture,and compare the guess and the administrator's response. Insemi-supervised learning, a machine learning algorithm is provided a setof example labels along with unlabeled data. For example, the machinelearning algorithm may be provided a data set of one hundred photos withlabeled human faces and ten thousand random, unlabeled photos. Inreinforcement learning, a machine learning algorithm is rewarded forcorrect labels, allowing it to iteratively observe conditions untilrewards are consistently earned. For example, for every face correctlyidentified, the machine learning algorithm may be given a point and/or ascore (e.g., “75% correct”).

In one example, the machine learning engine may identify relationshipsbetween nodes that previously may have gone unrecognized. For example,using a collaborative filtering technique, the machine learning enginemay identify that a node representing content on a screen should beconnected to the user's relative, which is an attribute of the user. Themachine learning engine may have identified that other screen capturesinvolving the user's relative have also recently generated alertnotificaitons. This realization by the machine learning engine mayincrease the heat of the specific node; and subsequently spread toconnected nodes. This may result in particular nodes exceeding athreshold confidence to push those nodes to an updated outcome from aBoolean false to a Boolean true. Other examples of machine learningtechniques may be used in combination or in lieu of a collaborativefiltering technique included, but are not limited to a screen capturemodel, any time series trend analysis, and the like.

In addition, one theory underlying supervised learning is inductivelearning. In inductive learning, a data representation is provided asinput samples data (x) and output samples of the function (f(x)). Thegoal of inductive learning is to learn a good approximation for thefunction for new data (x), i.e., to estimate the output for new inputsamples in the future. Inductive learning may be used on functions ofvarious types: (1) classification functions where the function beinglearned is discrete; (2) regression functions where the function beinglearned is continuous; and (3) probability estimations where the outputof the function is a probability.

As elaborated herein, in practice, machine learning systems and theirunderlying components are tuned by data scientists to perform numeroussteps to perfect machine learning systems. The process is sometimesiterative and may entail looping through a series of steps: (1)understanding the domain, prior knowledge, and goals; (2) dataintegration, selection, cleaning, and pre-processing; (3) learningmodels; (4) interpreting results; and/or (5) consolidating and deployingdiscovered knowledge. This may further include conferring with domainexperts to refine the goals and make the goals more clear, given thenearly infinite number of variables that can possible be optimized inthe machine learning system. Meanwhile, one or more of data integration,selection, cleaning, and/or pre-processing steps can sometimes be themost time consuming because the old adage, “garbage in, garbage out,”also reigns true in machine learning systems.

Referring to FIG. 3, at step 325, the computing platform may determineif the risk level associated with the infrared signal is “Low”. If atstep 325, the computing platform determines that the risk level is“Low”, the computing platform may continue to step 330. At step 330, thecomputing platform may cause the display device to display an alertnotification to a user of the computing device. If at step 325, thecomputing platform determines that the risk level is not “Low”, thecomputing platform may continue to step 335.

At step 335, the computing platform may determine if the risk levelassociated with the infrared signal is “Medium”. If at step 335, thecomputing platform determines that the risk level is “Medium”, thecomputing platform may continue to step 340. At step 340, the computingplatform may cause the display device to cease to display the contentsbeing displayed. If at step 335, the computing platform determines thatthe risk level is not “Medium”, the computing platform may continue tostep 345.

At step 345, the computing platform may determine if the risk levelassociated with the infrared signal is “High”. If at step 345, thecomputing platform determines that the risk level is “High”, thecomputing platform may continue to step 350. At step 350, the computingplatform may deny access to operations of the computing device. If atstep 345, the computing platform determines that the risk level is not“High”, the computing platform may continue to step 320 to determine arisk level for the same, and/or another infrared signal.

In some embodiments, one or more of the aforementioned steps 325, 335,and 345 may use a system of machine learning and/or artificialintelligence to improve accuracy of the assessment of risk level. Asexplained above, a framework for machine learning may involve acombination of supervised and unsupervised learning models.

One or more aspects of the disclosure may be embodied in computer-usabledata or computer-executable instructions, such as in one or more programmodules, executed by one or more computers or other devices to performthe operations described herein. Generally, program modules includeroutines, programs, objects, components, data structures, and the likethat perform particular tasks or implement particular abstract datatypes when executed by one or more processors in a computer or otherdata processing device. The computer-executable instructions may bestored as computer-readable instructions on a computer-readable mediumsuch as a hard disk, optical disk, removable storage media, solid-statememory, RAM, and the like. The functionality of the program modules maybe combined or distributed as desired in various embodiments. Inaddition, the functionality may be embodied in whole or in part infirmware or hardware equivalents, such as integrated circuits,application-specific integrated circuits (ASICs), field programmablegate arrays (FPGA), and the like. Particular data structures may be usedto more effectively implement one or more aspects of the disclosure, andsuch data structures are contemplated to be within the scope of computerexecutable instructions and computer-usable data described herein.

Various aspects described herein may be embodied as a method, anapparatus, or as one or more computer-readable media storingcomputer-executable instructions. Accordingly, those aspects may takethe form of an entirely hardware embodiment, an entirely softwareembodiment, an entirely firmware embodiment, or an embodiment combiningsoftware, hardware, and firmware aspects in any combination. Inaddition, various signals representing data or events as describedherein may be transferred between a source and a destination in the formof light or electromagnetic waves traveling through signal-conductingmedia such as metal wires, optical fibers, or wireless transmissionmedia (e.g., air or space). In general, the one or more computer-readable media may be and/or include one or more non-transitorycomputer-readable media.

As described herein, the various methods and acts may be operativeacross one or more computing servers and one or more networks. Thefunctionality may be distributed in any manner, or may be located in asingle computing device (e.g., a server, a client computer, and thelike). For example, in alternative embodiments, one or more of thecomputing platforms discussed above may be combined into a singlecomputing platform, and the various functions of each computing platformmay be performed by the single computing platform. In such arrangements,any and/or all of the above-discussed communications between computingplatforms may correspond to data being accessed, moved, modified,updated, and/or otherwise used by the single computing platform.Additionally or alternatively, one or more of the computing platformsdiscussed above may be implemented in one or more virtual machines thatare provided by one or more physical computing devices. In sucharrangements, the various functions of each computing platform may beperformed by the one or more virtual machines, and any and/or all of theabove-discussed communications between computing platforms maycorrespond to data being accessed, moved, modified, updated, and/orotherwise used by the one or more virtual machines.

Aspects of the disclosure have been described in terms of illustrativeembodiments thereof. Numerous other embodiments, modifications, andvariations within the scope and spirit of the appended claims will occurto persons of ordinary skill in the art from a review of thisdisclosure. For example, one or more of the steps depicted in theillustrative figures may be performed in other than the recited order,and one or more depicted steps may be optional in accordance withaspects of the disclosure.

We claim:
 1. A computing platform, comprising: at least one processor; acommunication interface communicatively coupled to the at least oneprocessor; and memory storing computer-readable instructions that, whenexecuted by the at least one processor, cause the computing platform to:detect, via an infrared sensor associated with a computing device, aninfrared signal from a second device attempting an unauthorized imagecapture of contents being displayed by a display device of the computingdevice; based on detecting the infrared signal, communicate with aserver to retrieve a copy of the contents being displayed by the displaydevice; determine, using machine learning and based on the contentsbeing displayed by the display device, a risk level associated with theinfrared signal; and perform, via the computing platform and based onthe risk level, a remediation task to prevent the unauthorized imagecapture.
 2. The computing platform of claim 1, wherein thecomputer-readable instructions that cause the computing platform toperform the remediation task comprise additional computer-readableinstructions that, when executed by the at least one processor, causethe computing platform to: cause the display device to display an alertnotification to a user of the computing device.
 3. The computingplatform of claim 1, wherein the computer-readable instructions thatcause the computing platform to perform the remediation task compriseadditional computer-readable instructions that, when executed by the atleast one processor, cause the computing platform to: cause the displaydevice to cease to display the contents being displayed.
 4. Thecomputing platform of claim 1, wherein the computer-readableinstructions that cause the computing platform to perform theremediation task comprise additional computer-readable instructionsthat, when executed by the at least one processor, cause the computingplatform to: deny access to operations of the computing device.
 5. Thecomputing platform of claim 1, wherein the computer-readableinstructions that cause the computing platform to perform theremediation task comprise additional computer-readable instructionsthat, when executed by the at least one processor, cause the computingplatform to: determine a number of attempted unauthorized image capturesassociated with the computing device; and trigger, based on a thresholdof the number of attempted unauthorized image captures, a securitythreat assessment of the computing device.
 6. The computing platform ofclaim 1, wherein the computer-readable instructions that cause thecomputing platform to perform the remediation task comprise additionalcomputer-readable instructions that, when executed by the at least oneprocessor, cause the computing platform to: receive, from the infraredsensor, an indication that the second device is attempting theunauthorized image capture of the contents being displayed by thedisplay device; generate, based on the contents being displayed, aninstruction for the remediation task; and send the instruction to apixel driver associated with the display device of the computing device.7. The computing platform of claim 1, wherein the infrared sensorcomprises an array of sensors arranged on the display device of thecomputing device.
 8. The computing platform of claim 7, wherein thememory stores additional computer-readable instructions that, whenexecuted by the at least one processor, cause the computing platform to:cause one or more sensors of the array of sensors to be automaticallyactivated to perform the detecting the infrared signal.
 9. The computingplatform of claim 8, wherein the computer-readable instructions thatcause the one or more sensors of the array of sensors to beautomatically activated comprise additional computer-readableinstructions that, when executed by the at least one processor, causethe computing platform to: cause the one or more sensors of the array ofsensors to be automatically activated based on a random selectionalgorithm.
 10. The computing platform of claim 1, wherein thecomputer-readable instructions that cause the computing platform todetermine the risk level comprise additional computer-readableinstructions that, when executed by the at least one processor, causethe computing platform to: determine the risk level based on thecontents being displayed by the display device.
 11. The computingplatform of claim 1, wherein the infrared sensor is an image capturingdevice associated with the computing device, and wherein the imagecapturing device is configured to apply image recognition techniques,and wherein the memory stores additional computer-readable instructionsthat, when executed by the at least one processor, cause the computingplatform to: apply the image recognition techniques to identify objectsin a field of view of the image capturing device.
 12. The computingplatform of claim 11, wherein the memory stores additionalcomputer-readable instructions that, when executed by the at least oneprocessor, cause the computing platform to: identify, via the imagecapturing device and based on the image recognition techniques, thesecond device as another image capturing device; and wherein thecomputer-readable instructions that cause the computing platform toperform the remediation task comprise additional computer-readableinstructions that, when executed by the at least one processor, causethe computing platform to automatically perform, based on theidentifying, the remediation task.
 13. The computing platform of claim1, wherein the memory stores additional computer-readable instructionsthat, when executed by the at least one processor, cause the computingplatform to: detect, via a second infrared sensor, the infrared signalfrom the second device attempting the unauthorized image capture of thecontents; and corroborate, based on the second infrared sensor detectingthe infrared signal from the second device, detecting the infraredsignal from the second device.
 14. A method, comprising: at a computingplatform comprising at least one processor, a communication interface,and memory: detecting, via an infrared sensor associated with acomputing device, an infrared signal from a second device attempting anunauthorized image capture of contents being displayed by a displaydevice of the computing device; based on detecting the infrared signal,communicating with a server to retrieve a copy of the contents beingdisplayed by the display device; determining, based on the contentsbeing displayed by the display device, a risk level associated with theinfrared signal; identifying, via the computing platform and based onthe risk level, a remediation task to prevent the unauthorized imagecapture; and performing, via the computing platform, the remediationtask.
 15. The method of claim 14, further comprising: denying access tooperations of the computing device.
 16. The method of claim 14, furthercomprising: determining a number of attempted unauthorized imagecaptures associated with the computing device; and triggering, based ona threshold of the number of attempted unauthorized image captures, asecurity threat assessment of the computing device.
 17. The method ofclaim 14, wherein the infrared sensor comprises an array of sensorsarranged on the display device of the computing device, and furthercomprising: causing one or more sensors of the array of sensors to beautomatically activated based on a random selection algorithm.
 18. Themethod of claim 14, further comprising: determining the risk level basedon the contents being displayed by the display device.
 19. The method ofclaim 14, wherein the infrared sensor is an image capturing deviceassociated with the computing device, and wherein the image capturingdevice is configured to apply image recognition techniques, and furthercomprising: identifying, via the image capturing device and based on theimage recognition techniques, the second device as another imagecapturing device; and wherein performing the remediation task comprisesautomatically performing, based on the identifying, the remediationtask.
 20. One or more non-transitory computer-readable media storinginstructions that, when executed by a computing platform comprising atleast one processor, a communication interface, and memory, cause thecomputing platform to: detect, via an image capturing device associatedwith a computing device, an infrared signal from a second deviceattempting an unauthorized image capture of contents being displayed bya display device of the computing device; based on detecting theinfrared signal, communicate with a server to retrieve a copy of thecontents being displayed by the display device; determine, based on thecontents being displayed by the display device, a risk level associatedwith the infrared signal; and perform, via the computing platform andbased on the risk level, a remediation task to prevent the unauthorizedimage capture.